X
Tap here to go to the mobile version of the site.
Scheduled maintenance: Thursday, April 2, between 3pm and 5pm UTC. This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn’t solve your issue and you want to ask a question, we have our support community waiting to help you at @firefox on Twitter

Support Forum

When Firefox is running, lots IP addresses show up in the Win7 taskbar resource monitor including 93.184.215.73 - which could be malicious.How do I block it?

Posted

I noticed a slowdown sometimes in Firefox - checked the Windows 7 task manager resource monitor and found lots of IP addresses - though only one Firefox window open. So I checked them out - most seemed legit but this one definitely has a bad reputation from computer forums: 93.184.215.73. What I want to know is a) how do I block it in Firefox? It is easy in IE. You just block it under privacy and security tabs. b) why is Firefox even running this? Thanks. M in Oakland

I noticed a slowdown sometimes in Firefox - checked the Windows 7 task manager resource monitor and found lots of IP addresses - though only one Firefox window open. So I checked them out - most seemed legit but this one definitely has a bad reputation from computer forums: 93.184.215.73. What I want to know is a) how do I block it in Firefox? It is easy in IE. You just block it under privacy and security tabs. b) why is Firefox even running this? Thanks. M in Oakland

Chosen solution

By the way, anything that promises free video downloading or conversion is potentially suspicious in my book. As another experiment, you might want to disable those extensions for a day and see how that affects your traffic. You can do that on the Add-ons page. Either:

  • Ctrl+Shift+a
  • "3-bar" menu button (or Tools menu) > Add-ons

In the left column, click Extensions. Then, if in doubt, disable.

Often a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step.

Notice any differences?

Read this answer in context 2

Additional System Details

Installed Plug-ins

  • Adobe PDF Plug-In For Firefox and Netscape 11.0.10
  • Google Update
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Office Authorization plug-in for NPAPI browsers
  • Nitro PDF plugin for Firefox and Chrome
  • Shockwave Flash 17.0 r0
  • 5.1.30514.0
  • VLC media player Web Plugin

Application

  • Firefox 38.0
  • User Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
  • Support URL: https://support.mozilla.org/1/firefox/38.0/WINNT/en-US/

Extensions

  • BetterPrivacy 1.68 ({d40f5e7b-d2cf-4856-b441-cc613eeffbe3})
  • Google Translator for Firefox 2.1.0.3m (translator@zoli.bod)
  • Simple Youtube and Video Converter 2.0.rev0 (jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack)
  • YouTube mp3 1.0.9 (info@youtube-mp3.org)
  • YouTube Video and Audio Downloader 0.4.4.1 (feca4b87-3be4-43da-a1b1-137c24220968@jetpack)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Intel(R) HD Graphics
  • adapterDescription2:
  • adapterDeviceID: 0x0046
  • adapterDeviceID2:
  • adapterDrivers: igdumdx32 igd10umd32
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterSubsysID: 7007103c
  • adapterSubsysID2:
  • adapterVendorID: 0x8086
  • adapterVendorID2:
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 6.2.9200.16571
  • driverDate: 1-30-2013
  • driverDate2:
  • driverVersion: 8.15.10.2993
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'direct2d 1.1', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d 1.1', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (Intel(R) HD Graphics Direct3D9Ex vs_3_0 ps_3_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Modified Preferences

Misc

  • User JS: No
  • Accessibility: Yes
James
  • Moderator
1603 solutions 11348 answers

http://en.wikipedia.org/wiki/EdgeCast_Networks http://www.edgecast.com/customers/

Edgecast provide CDN (Content Delivery Network) services to Mozilla and other content providers.

http://en.wikipedia.org/wiki/EdgeCast_Networks http://www.edgecast.com/customers/ Edgecast provide CDN (Content Delivery Network) services to Mozilla and other content providers.

Question owner

I understand it provides some services, but am concerned it can be used as a backdoor. I went to the Edgecast website and see it is owned/provided by Verizon. So my concerns are, can it be used as a backdoor? And second, I'm not sure I trust Verizon with any usage data about me. Should I be concerned about this? Thanks, Martha


James said

http://en.wikipedia.org/wiki/EdgeCast_Networks http://www.edgecast.com/customers/ Edgecast provide CDN (Content Delivery Network) services to Mozilla and other content providers.

marthops said

I noticed a slowdown sometimes in Firefox - checked the Windows 7 task manager resource monitor and found lots of IP addresses - though only one Firefox window open. So I checked them out - most seemed legit but this one definitely has a bad reputation from computer forums: 93.184.215.73. What I want to know is a) how do I block it in Firefox? It is easy in IE. You just block it under privacy and security tabs. b) why is Firefox even running this? Thanks. M in Oakland

'

I understand it provides some services, but am concerned it can be used as a backdoor. I went to the Edgecast website and see it is owned/provided by Verizon. So my concerns are, can it be used as a backdoor? And second, I'm not sure I trust Verizon with any usage data about me. Should I be concerned about this? Thanks, Martha ''James [[#answer-723669|said]]'' <blockquote> http://en.wikipedia.org/wiki/EdgeCast_Networks http://www.edgecast.com/customers/ Edgecast provide CDN (Content Delivery Network) services to Mozilla and other content providers. </blockquote> ''marthops [[#question-1059992|said]]'' <blockquote> I noticed a slowdown sometimes in Firefox - checked the Windows 7 task manager resource monitor and found lots of IP addresses - though only one Firefox window open. So I checked them out - most seemed legit but this one definitely has a bad reputation from computer forums: 93.184.215.73. What I want to know is a) how do I block it in Firefox? It is easy in IE. You just block it under privacy and security tabs. b) why is Firefox even running this? Thanks. M in Oakland </blockquote> '

Modified by marthops

FredMcD
  • Top 10 Contributor
4396 solutions 61648 answers

Helpful Reply

I found this; http://www.ipvoid.com/scan/93.184.215.73/

93.184.215.73 Scan Report

IP Address Information Analysis Date 3 years ago Blacklist Status BLACKLISTED 2/36 IP Address 93.184.215.73 ( Websites Lookup ) Reverse DNS 93.184.215.73 ASN AS15133 ASN Owner EdgeCast Networks, Inc. ISP EdgeCast Networks Continent North America Country Code Flag (US) United States Latitude / Longitude 38.8951 / -77.0364 City Washington Region District of Columbia IP Blacklist Report

I found this; http://www.ipvoid.com/scan/93.184.215.73/ 93.184.215.73 Scan Report IP Address Information Analysis Date 3 years ago Blacklist Status '''BLACKLISTED''' 2/36 IP Address 93.184.215.73 ( Websites Lookup ) Reverse DNS 93.184.215.73 ASN AS15133 ASN Owner EdgeCast Networks, Inc. ISP EdgeCast Networks Continent North America Country Code Flag (US) United States Latitude / Longitude 38.8951 / -77.0364 City Washington Region District of Columbia IP Blacklist Report

Question owner

Thanks. I wonder how it could be both - trusted and blacklisted? I blocked it in IE at least.

Thanks. I wonder how it could be both - trusted and blacklisted? I blocked it in IE at least.
James
  • Moderator
1603 solutions 11348 answers

Helpful Reply

That was three years ago and it does not list the reason for blacklist at the time. If Mozilla had any concerns with using Edgecast then they would not have used it to start with or have discontinued.

Mozilla used to use a system of mirrors http://www-archive.mozilla.org/mirrors.html for releases.mozilla.org to help host the downloads of everything. Now they use cdn's as an example link is http://download.cdn.mozilla.net/pub/mozilla.org/firefox/

https://blog.mozilla.org/it/2012/08/03/dear-mozilla-mirrors-thank-you/ https://developer.mozilla.org/en-US/docs/Glossary/CDN

Mozilla also uses http://aws.amazon.com/cloudfront/ as needed use on-the-fly.

That was three years ago and it does not list the reason for blacklist at the time. If Mozilla had any concerns with using Edgecast then they would not have used it to start with or have discontinued. Mozilla used to use a system of mirrors http://www-archive.mozilla.org/mirrors.html for releases.mozilla.org to help host the downloads of everything. Now they use cdn's as an example link is http://download.cdn.mozilla.net/pub/mozilla.org/firefox/ https://blog.mozilla.org/it/2012/08/03/dear-mozilla-mirrors-thank-you/ https://developer.mozilla.org/en-US/docs/Glossary/CDN Mozilla also uses http://aws.amazon.com/cloudfront/ as needed use on-the-fly.
James
  • Moderator
1603 solutions 11348 answers

http://www.ipvoid.com/scan/93.184.215.73

If Fred had clicked on Update Reported it would have shown BLACKLISTED 1/36

Only MyWOT out of 36 sources lists it as blacklisted and I trust Mozilla FAR more than the almost junk MyWOT (Web of Trust).

http://www.ipvoid.com/scan/93.184.215.73 If Fred had clicked on Update Reported it would have shown BLACKLISTED 1/36 Only MyWOT out of 36 sources lists it as blacklisted and I trust Mozilla FAR more than the almost junk MyWOT (Web of Trust).

Modified by James

jscher2000
  • Top 10 Contributor
8956 solutions 73389 answers

Hi Martha, do you mean the "TCP Connections" list in the Resource Monitor? Normally a short time after a request the connection will gray out showing that it is no longer in use. If a connection is kept open, that could be a feature of a site you're visiting, or it could be a feature of Firefox or one of your extensions. It might be a little difficult to figure that out if you have a lot of tabs open.

If you are inclined to experiment, I would suggest creating a new profile and navigating to a blank tab (about:blank page) to try to isolate Firefox from those factors.

Create a new Firefox profile

A new profile will have your system-installed plugins (e.g., Flash) and extensions (e.g., security suite toolbars), but no themes, other extensions, or other customizations. It also should have completely fresh settings databases and a fresh cache folder.

This profile will be distinct from and not affect your regular profile.

Exit Firefox and start up in the Profile Manager using the search box on the Start menu or the Windows "Run" dialog. Type or paste the following into the search box/Run dialog and press Enter to run it:

firefox.exe -P

The Profile Manager should open. Please do not delete anything here.

Any time you want to switch profiles, exit Firefox and return to this dialog.

Click the Create Profile button and assign a name like April30, skip the option to change the folder, and then create your new profile. Then select it and start Firefox in the new profile you created.

To load a blank page, type or paste about:blank in the address bar and press Enter.

Anything interesting in the Resource Monitor?

When returning to the Profile Manager, you might be tempted to use the Delete Profile button. But... it's a bit too easy to accidentally delete your "real" profile, so I recommend resisting the temptation. If you do want to clean up later, I suggest making a backup of all your profiles first in case something were to go wrong.

Hi Martha, do you mean the "TCP Connections" list in the Resource Monitor? Normally a short time after a request the connection will gray out showing that it is no longer in use. If a connection is kept open, that could be a feature of a site you're visiting, or it could be a feature of Firefox or one of your extensions. It might be a little difficult to figure that out if you have a lot of tabs open. If you are inclined to experiment, I would suggest creating a new profile and navigating to a blank tab (about:blank page) to try to isolate Firefox from those factors. '''Create a new Firefox profile''' A new profile will have your system-installed plugins (e.g., Flash) and extensions (e.g., security suite toolbars), but no themes, other extensions, or other customizations. It also should have completely fresh settings databases and a fresh cache folder. ''This profile will be distinct from and not affect your regular profile.'' Exit Firefox and start up in the Profile Manager using the search box on the Start menu or the Windows "Run" dialog. Type or paste the following into the search box/Run dialog and press Enter to run it: firefox.exe -P The Profile Manager should open. ''Please do not delete anything here.'' Any time you want to switch profiles, exit Firefox and return to this dialog. Click the Create Profile button and assign a name like April30, skip the option to change the folder, and then create your new profile. Then select it and start Firefox in the new profile you created. To load a blank page, type or paste '''about:blank''' in the address bar and press Enter. Anything interesting in the Resource Monitor? When returning to the Profile Manager, you might be tempted to use the Delete Profile button. But... it's a bit too easy to accidentally delete your "real" profile, so I recommend resisting the temptation. If you do want to clean up later, I suggest making a backup of all your profiles first in case something were to go wrong.
jscher2000
  • Top 10 Contributor
8956 solutions 73389 answers

Chosen Solution

By the way, anything that promises free video downloading or conversion is potentially suspicious in my book. As another experiment, you might want to disable those extensions for a day and see how that affects your traffic. You can do that on the Add-ons page. Either:

  • Ctrl+Shift+a
  • "3-bar" menu button (or Tools menu) > Add-ons

In the left column, click Extensions. Then, if in doubt, disable.

Often a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step.

Notice any differences?

By the way, anything that promises free video downloading or conversion is potentially suspicious in my book. As another experiment, you might want to disable those extensions for a day and see how that affects your traffic. You can do that on the Add-ons page. Either: * Ctrl+Shift+a * "3-bar" menu button (or Tools menu) > Add-ons In the left column, click Extensions. Then, if in doubt, disable. Often a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step. Notice any differences?
cor-el
  • Top 10 Contributor
  • Moderator
17860 solutions 161609 answers

The current 40a1 Nightly builds show the remote address (IP) of requests in the Net monitor and this web page shows for instance this request:

Blocking content can cause website not to work properly and should always be considered with great care and you should check for blocked content in case of issues.

The current 40a1 Nightly builds show the remote address (IP) of requests in the Net monitor and this web page shows for instance this request: *https://cdn.optimizely.com/js/245885873.js *Remote address: 93.184.220.20:443 Blocking content can cause website not to work properly and should always be considered with great care and you should check for blocked content in case of issues.

Question owner

It wasn't the TCP Connections but it might as well have been - it was in the Network tab in "Overview". Thanks everyone - I'm learning a lot as I trace these things - the ipvoid report is updated to the last hour now - but James is correct, just one source blacklists it. (I still don't trust Verizon) Norton has no information on it.

I should probably disable a downloader add-on I have that doesn't work very well anyway..  I might create a new profile - not sure about that yet.  I got a screen shot of what I see on the resource monitor - attached.

Meanwhile, from this discussion I guess it's safe - but be watchful of add-ons. Thanks everyone for checking this out.

It wasn't the TCP Connections but it might as well have been - it was in the Network tab in "Overview". Thanks everyone - I'm learning a lot as I trace these things - the ipvoid report is updated to the last hour now - but James is correct, just one source blacklists it. (I still don't trust Verizon) Norton has no information on it. I should probably disable a downloader add-on I have that doesn't work very well anyway.. I might create a new profile - not sure about that yet. I got a screen shot of what I see on the resource monitor - attached. Meanwhile, from this discussion I guess it's safe - but be watchful of add-ons. Thanks everyone for checking this out.